Right, M$ things. Opening it up in IDA will show us that only one function is declared, called start, and the first challenge is really this simple. Everything we might need is there!
Apart from windows causing you all the confusion because of how windows is (e.g. ReadFile is also used to read standard input…), this challenge has unobfuscated strings and a pretty straightforward control flow, so let’s do it!

-[ The Solution ]

Figure 1 is a screenshot of the start functions, with some annotations of my own to make it clearer.

Figure 1: disassembly of the main function.

Starting with the first basic block, the call to ReadFile is our first stop. The first two arguments, hFile and lpBuffer, are really just pointers telling ReadFile where to read from and where to write the data that it read. In this case it’s reading from standard input and saving to a location in memory. We can also see that memory variable being referenced later on, so let’s hang on to that!

Exactly after the ReadFile call the register ECX gets XORd with itself, a machine-efficient way to zero-out a register, and then what looks like a loop follows. Could it be that ECX is a loop counter? I think so because after the loop, this basic block follows:

We can also spot the strings “You are success” and “You are failure”, and the paths leading to those two also carry some information with them. In particular, the string “You are success” is reachable only after successful termination of the loop (after 24 iterations, to be precise) while the failure string can be reached at any point within the loop where the comparison fails. As such, getting that comparison right will get us to Challenge 2!

We can see that the checking loop is fairly simple; it will take a byte of our input, XOR it with 0x7D and then compare it to a byte from the location 0x402140 + ECX (another indication that ECX is a counter, as it is used to index into an char array):